merge hell p.x

2025-08-19 21:03:48 -07:00 · 2020-07-03 21:33:17 +02:00 · 2020-07-03 21:33:17 +02:00 · 7d1a278197
commit 7d1a278197
parent 2c0f595f86
10 changed files with 919 additions and 2118 deletions
--- a/armsrc/fpgaloader.h
+++ b/armsrc/fpgaloader.h
@ -65,7 +65,7 @@ thres|                          x x x x x x x x
 #define FPGA_MAJOR_MODE_HF_READER                   (0<<6) // D
 #define FPGA_MAJOR_MODE_HF_SIMULATOR                (1<<6) // D
 #define FPGA_MAJOR_MODE_HF_ISO14443A                (2<<6) // D
-#define FPGA_MAJOR_MODE_HF_SNOOP                    (3<<6) // D
+#define FPGA_MAJOR_MODE_HF_SNIFF                    (3<<6) // D
 #define FPGA_MAJOR_MODE_HF_ISO18092                 (4<<6) // D
 #define FPGA_MAJOR_MODE_HF_GET_TRACE                (5<<6) // D
@ -87,9 +87,9 @@ thres|                          x x x x x x x x
 #define FPGA_HF_READER_MODE_RECEIVE_PHASE           (2<<0)
 #define FPGA_HF_READER_MODE_SEND_FULL_MOD           (3<<0)
 #define FPGA_HF_READER_MODE_SEND_SHALLOW_MOD        (4<<0)
-#define FPGA_HF_READER_MODE_SNOOP_IQ                (5<<0)
+#define FPGA_HF_READER_MODE_SNIFF_IQ                (5<<0)
-#define FPGA_HF_READER_MODE_SNOOP_AMPLITUDE         (6<<0)
+#define FPGA_HF_READER_MODE_SNIFF_AMPLITUDE         (6<<0)
-#define FPGA_HF_READER_MODE_SNOOP_PHASE             (7<<0)
+#define FPGA_HF_READER_MODE_SNIFF_PHASE             (7<<0)
 #define FPGA_HF_READER_MODE_SEND_JAM                (8<<0)
 #define FPGA_HF_READER_SUBCARRIER_848_KHZ           (0<<4)
--- a/armsrc/iclass.c
+++ b/armsrc/iclass.c
--- a/armsrc/iclass.h
+++ b/armsrc/iclass.h
@ -13,7 +13,7 @@
 #include "common.h"
-void RAMFUNC SniffIClass(void);
+void SniffIClass(uint8_t jam_search_len, uint8_t *jam_search_string);
 void SimulateIClass(uint32_t arg0, uint32_t arg1, uint32_t arg2, uint8_t *datain);
 void ReaderIClass(uint8_t arg0);
 void ReaderIClass_Replay(uint8_t arg0, uint8_t *mac);
@ -21,7 +21,6 @@ void iClass_Authentication(uint8_t *mac);
 void iClass_Authentication_fast(uint64_t arg0, uint64_t arg1, uint8_t *datain);
 void iClass_WriteBlock(uint8_t blockno, uint8_t *data);
 void iClass_ReadBlk(uint8_t blockno);
 bool iClass_ReadBlock(uint8_t blockno, uint8_t *data, uint8_t len);
 void iClass_Dump(uint8_t blockno, uint8_t numblks);
 void iClass_Clone(uint8_t startblock, uint8_t endblock, uint8_t *data);
 void iClass_ReadCheck(uint8_t blockno, uint8_t keytype);
--- a/armsrc/iso14443b.c
+++ b/armsrc/iso14443b.c
--- a/armsrc/iso14443b.h
+++ b/armsrc/iso14443b.h
@ -28,7 +28,7 @@
 void iso14443b_setup(void);
 uint8_t iso14443b_apdu(uint8_t const *message, size_t message_length, uint8_t *response);
-uint8_t iso14443b_select_card(iso14b_card_select_t *card);
+int iso14443b_select_card(iso14b_card_select_t *card);
 uint8_t iso14443b_select_card_srx(iso14b_card_select_t *card);
 void SimulateIso14443bTag(uint32_t pupi);
--- a/armsrc/iso15693.c
+++ b/armsrc/iso15693.c
@ -76,7 +76,7 @@
 #define DELAY_ARM_TO_TAG                 16
 #define DELAY_TAG_TO_ARM                 32
-//SSP_CLK runs at 13.56MHz / 4 = 3,39MHz when snooping. All values should be multiples of 16
+//SSP_CLK runs at 13.56MHz / 4 = 3,39MHz when sniffing. All values should be multiples of 16
 #define DELAY_TAG_TO_ARM_SNIFF           32
 #define DELAY_READER_TO_ARM_SNIFF        32
@ -122,7 +122,7 @@ static void BuildInventoryResponse(uint8_t *uid);
 // resulting data rate is 26.48 kbit/s (fc/512)
 // cmd ... data
 // n ... length of data
-static void CodeIso15693AsReader(uint8_t *cmd, int n) {
+void CodeIso15693AsReader(uint8_t *cmd, int n) {
 	ToSendReset();
@ -195,7 +195,7 @@ static void CodeIso15693AsReader256(uint8_t *cmd, int n) {
 static const uint8_t encode_4bits[16] = { 0xaa, 0x6a, 0x9a, 0x5a, 0xa6, 0x66, 0x96, 0x56, 0xa9, 0x69, 0x99, 0x59, 0xa5, 0x65, 0x95, 0x55 };
-static void CodeIso15693AsTag(uint8_t *cmd, size_t len) {
+void CodeIso15693AsTag(uint8_t *cmd, size_t len) {
 	/*
 	 * SOF comprises 3 parts;
 	 * * An unmodulated time of 56.64 us
@ -241,7 +241,7 @@ static void CodeIso15693AsTag(uint8_t *cmd, size_t len) {
 }
 // Transmit the command (to the tag) that was placed in cmd[].
-static void TransmitTo15693Tag(const uint8_t *cmd, int len, uint32_t *start_time) {
+void TransmitTo15693Tag(const uint8_t *cmd, int len, uint32_t *start_time) {
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SEND_FULL_MOD);
@ -279,7 +279,7 @@ static void TransmitTo15693Tag(const uint8_t *cmd, int len, uint32_t *start_time
 //-----------------------------------------------------------------------------
 // Transmit the command (to the reader) that was placed in cmd[].
 //-----------------------------------------------------------------------------
-static void TransmitTo15693Reader(const uint8_t *cmd, size_t len, uint32_t *start_time, uint32_t slot_time, bool slow) {
+void TransmitTo15693Reader(const uint8_t *cmd, size_t len, uint32_t *start_time, uint32_t slot_time, bool slow) {
 	// don't use the FPGA_HF_SIMULATOR_MODULATE_424K_8BIT minor mode. It would spoil GetCountSspClk()
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_MODULATE_424K);
@ -617,7 +617,7 @@ static void DecodeTagReset(DecodeTag_t *DecodeTag) {
 /*
 *  Receive and decode the tag response, also log to tracebuffer
 */
-static int GetIso15693AnswerFromTag(uint8_t* response, uint16_t max_len, uint16_t timeout, uint32_t *eof_time) {
+int GetIso15693AnswerFromTag(uint8_t* response, uint16_t max_len, uint16_t timeout, uint32_t *eof_time) {
 	int samples = 0;
 	int ret = 0;
@ -966,7 +966,7 @@ static RAMFUNC int Handle15693SampleFromReader(bool bit, DecodeReader_t *DecodeR
 			DecodeReader->posCount++;
 			if (DecodeReader->Coding == CODING_1_OUT_OF_4) {
 				if (DecodeReader->posCount == 7*16) { // 7 bits jammed
-					FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SNOOP_AMPLITUDE); // stop jamming
+					FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SNIFF_AMPLITUDE); // stop jamming
 					// FpgaDisableTracing();
 					LED_D_OFF();
 				} else if (DecodeReader->posCount == 8*16) {
@ -976,7 +976,7 @@ static RAMFUNC int Handle15693SampleFromReader(bool bit, DecodeReader_t *DecodeR
 				}
 			} else {
 				if (DecodeReader->posCount == 7*256) { // 7 bits jammend
-					FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SNOOP_AMPLITUDE); // stop jamming
+					FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SNIFF_AMPLITUDE); // stop jamming
 					LED_D_OFF();
 				} else if (DecodeReader->posCount == 8*256) {
 					DecodeReader->posCount = 0;
@ -1005,7 +1005,7 @@ static RAMFUNC int Handle15693SampleFromReader(bool bit, DecodeReader_t *DecodeR
 // correctly.
 //-----------------------------------------------------------------------------
-static int GetIso15693CommandFromReader(uint8_t *received, size_t max_len, uint32_t *eof_time) {
+int GetIso15693CommandFromReader(uint8_t *received, size_t max_len, uint32_t *eof_time) {
 	int samples = 0;
 	bool gotFrame = false;
 	uint8_t b;
@ -1167,7 +1167,7 @@ void SniffIso15693(uint8_t jam_search_len, uint8_t *jam_search_string) {
 	Dbprintf("Sniff started. Press PM3 Button to stop.");
-	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SNOOP_AMPLITUDE);
+	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_READER | FPGA_HF_READER_MODE_SNIFF_AMPLITUDE);
 	LED_D_OFF();
 	SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
 	FpgaSetupSsc(FPGA_MAJOR_MODE_HF_READER);
@ -1197,7 +1197,7 @@ void SniffIso15693(uint8_t jam_search_len, uint8_t *jam_search_string) {
 			dma_start_time = GetCountSspClk() & 0xfffffff0;
 		}
-		uint16_t snoopdata = *upTo++;
+		uint16_t sniffdata = *upTo++;
 		if (upTo >= dmaBuf + ISO15693_DMA_BUFFER_SIZE) {                   // we have read all of the DMA buffer content.
 			upTo = dmaBuf;                                                 // start reading the circular buffer from the beginning
@ -1218,7 +1218,7 @@ void SniffIso15693(uint8_t jam_search_len, uint8_t *jam_search_string) {
 		}
 		if (!TagIsActive) {                                                // no need to try decoding reader data if the tag is sending
-			if (Handle15693SampleFromReader(snoopdata & 0x02, &DecodeReader)) {
+			if (Handle15693SampleFromReader(sniffdata & 0x02, &DecodeReader)) {
 				uint32_t eof_time = dma_start_time + samples*16 + 8 - DELAY_READER_TO_ARM_SNIFF; // end of EOF
 				if (DecodeReader.byteCount > 0) {
@ -1236,7 +1236,7 @@ void SniffIso15693(uint8_t jam_search_len, uint8_t *jam_search_string) {
 				ReaderIsActive = false;
 				ExpectTagAnswer = true;
-			} else if (Handle15693SampleFromReader(snoopdata & 0x01, &DecodeReader)) {
+			} else if (Handle15693SampleFromReader(sniffdata & 0x01, &DecodeReader)) {
 				uint32_t eof_time = dma_start_time + samples*16 + 16 - DELAY_READER_TO_ARM_SNIFF; // end of EOF
 				if (DecodeReader.byteCount > 0) {
@ -1261,7 +1261,7 @@ void SniffIso15693(uint8_t jam_search_len, uint8_t *jam_search_string) {
 		}
 		if (!ReaderIsActive && ExpectTagAnswer) {                       // no need to try decoding tag data if the reader is currently sending or no answer expected yet
-			if (Handle15693SamplesFromTag(snoopdata >> 2, &DecodeTag)) {
+			if (Handle15693SamplesFromTag(sniffdata >> 2, &DecodeTag)) {
 				uint32_t eof_time = dma_start_time + samples*16 - DELAY_TAG_TO_ARM_SNIFF; // end of EOF
 				if (DecodeTag.lastBit == SOF_PART2) {
@ -1550,7 +1550,7 @@ void ReaderIso15693(uint32_t parameter) {
 }
 // When SIM: initialize the Proxmark3 as ISO15693 tag
-static void Iso15693InitTag(void) {
+void Iso15693InitTag(void) {
 	FpgaDownloadAndGo(FPGA_BITSTREAM_HF);
 	SetAdcMuxFor(GPIO_MUXSEL_HIPKD);
 	FpgaWriteConfWord(FPGA_MAJOR_MODE_HF_SIMULATOR | FPGA_HF_SIMULATOR_NO_MODULATION);
--- a/armsrc/iso15693.h
+++ b/armsrc/iso15693.h
@ -23,6 +23,15 @@
 #define DELAY_ISO15693_VCD_TO_VICC_READER 1056 // 1056/3,39MHz = 311.5us from end of command EOF to start of tag response
 #define DELAY_ISO15693_VICC_TO_VCD_READER 1024 // 1024/3.39MHz = 302.1us between end of tag response and next reader command
 void Iso15693InitReader(void);
 void Iso15693InitTag(void);
 void CodeIso15693AsReader(uint8_t *cmd, int n);
 void CodeIso15693AsTag(uint8_t *cmd, size_t len);
 void TransmitTo15693Reader(const uint8_t *cmd, size_t len, uint32_t *start_time, uint32_t slot_time, bool slow);
 int GetIso15693CommandFromReader(uint8_t *received, size_t max_len, uint32_t *eof_time);
 void TransmitTo15693Tag(const uint8_t *cmd, int len, uint32_t *start_time);
 int GetIso15693AnswerFromTag(uint8_t* response, uint16_t max_len, uint16_t timeout, uint32_t *eof_time);
 void RecordRawAdcSamplesIso15693(void);
 void AcquireRawAdcSamplesIso15693(void);
--- a/client/src/cmdhf14b.c
+++ b/client/src/cmdhf14b.c
@ -134,7 +134,7 @@ static bool waitCmd14b(bool verbose) {
    PacketResponseNG resp;
-    if (WaitForResponseTimeout(CMD_ACK, &resp, TIMEOUT)) {
+    if (WaitForResponseTimeout(CMD_HF_ISO14443B_COMMAND, &resp, TIMEOUT)) {
        if ((resp.oldarg[0] & 0xFF) > 0) return false;
@ -314,7 +314,7 @@ static bool get_14b_UID(iso14b_card_select_t *card) {
        clearCommandBuffer();
        SendCommandMIX(CMD_HF_ISO14443B_COMMAND, ISO14B_CONNECT | ISO14B_SELECT_SR | ISO14B_DISCONNECT, 0, 0, NULL, 0);
-        if (WaitForResponseTimeout(CMD_ACK, &resp, TIMEOUT)) {
+        if (WaitForResponseTimeout(CMD_HF_ISO14443B_COMMAND, &resp, TIMEOUT)) {
            uint8_t status = resp.oldarg[0];
            if (status == 0) {
@ -330,7 +330,7 @@ static bool get_14b_UID(iso14b_card_select_t *card) {
        clearCommandBuffer();
        SendCommandMIX(CMD_HF_ISO14443B_COMMAND, ISO14B_CONNECT | ISO14B_SELECT_STD | ISO14B_DISCONNECT, 0, 0, NULL, 0);
-        if (WaitForResponseTimeout(CMD_ACK, &resp, TIMEOUT)) {
+        if (WaitForResponseTimeout(CMD_HF_ISO14443B_COMMAND, &resp, TIMEOUT)) {
            uint8_t status = resp.oldarg[0];
            if (status == 0) {
@ -515,7 +515,7 @@ static bool HF14B_Std_Info(bool verbose) {
    SendCommandMIX(CMD_HF_ISO14443B_COMMAND, ISO14B_CONNECT | ISO14B_SELECT_STD | ISO14B_DISCONNECT, 0, 0, NULL, 0);
    PacketResponseNG resp;
-    if (!WaitForResponseTimeout(CMD_ACK, &resp, TIMEOUT)) {
+    if (!WaitForResponseTimeout(CMD_HF_ISO14443B_COMMAND, &resp, TIMEOUT)) {
        if (verbose) PrintAndLogEx(WARNING, "command execution timeout");
        switch_off_field_14b();
        return false;
@ -556,7 +556,7 @@ static bool HF14B_ST_Info(bool verbose) {
    SendCommandMIX(CMD_HF_ISO14443B_COMMAND, ISO14B_CONNECT | ISO14B_SELECT_SR | ISO14B_DISCONNECT, 0, 0, NULL, 0);
    PacketResponseNG resp;
-    if (!WaitForResponseTimeout(CMD_ACK, &resp, TIMEOUT)) {
+    if (!WaitForResponseTimeout(CMD_HF_ISO14443B_COMMAND, &resp, TIMEOUT)) {
        if (verbose) PrintAndLogEx(WARNING, "command execution timeout");
        return false;
    }
@ -611,7 +611,7 @@ static bool HF14B_ST_Reader(bool verbose) {
    clearCommandBuffer();
    SendCommandMIX(CMD_HF_ISO14443B_COMMAND, ISO14B_CONNECT | ISO14B_SELECT_SR | ISO14B_DISCONNECT, 0, 0, NULL, 0);
    PacketResponseNG resp;
-    if (!WaitForResponseTimeout(CMD_ACK, &resp, TIMEOUT)) {
+    if (!WaitForResponseTimeout(CMD_HF_ISO14443B_COMMAND, &resp, TIMEOUT)) {
        if (verbose) PrintAndLogEx(WARNING, "command execution timeout");
        return false;
    }
@ -651,7 +651,7 @@ static bool HF14B_Std_Reader(bool verbose) {
    SendCommandMIX(CMD_HF_ISO14443B_COMMAND, ISO14B_CONNECT | ISO14B_SELECT_STD | ISO14B_DISCONNECT, 0, 0, NULL, 0);
    PacketResponseNG resp;
-    if (!WaitForResponseTimeout(CMD_ACK, &resp, TIMEOUT)) {
+    if (!WaitForResponseTimeout(CMD_HF_ISO14443B_COMMAND, &resp, TIMEOUT)) {
        if (verbose) PrintAndLogEx(WARNING, "command execution timeout");
        return false;
    }
@ -695,7 +695,7 @@ static bool HF14B_Other_Reader(void) {
    // clearCommandBuffer();
    // SendCommandMIX(CMD_HF_ISO14443B_COMMAND, flags, datalen, 0, data, datalen);
    // PacketResponseNG resp;
-    // WaitForResponse(CMD_ACK,&resp);
+    // WaitForResponse(CMD_HF_ISO14443B_COMMAND,&resp);
    // if (datalen > 2 ) {
    // PrintAndLogEx(NORMAL, "\n14443-3b tag found:");
@ -709,7 +709,7 @@ static bool HF14B_Other_Reader(void) {
    // clearCommandBuffer();
    // SendCommandMIX(CMD_HF_ISO14443B_COMMAND, flags, 1, 0, data, 1);
    // PacketResponseNG resp;
-    // WaitForResponse(CMD_ACK, &resp);
+    // WaitForResponse(CMD_HF_ISO14443B_COMMAND, &resp);
    // if (datalen > 0) {
    // PrintAndLogEx(NORMAL, "\n14443-3b tag found:");
@ -723,7 +723,7 @@ static bool HF14B_Other_Reader(void) {
    // clearCommandBuffer();
    // SendCommandMIX(CMD_HF_ISO14443B_COMMAND, flags, 1, 0, data, 1);
    // PacketResponseNG resp;
-    // WaitForResponse(CMD_ACK, &resp);
+    // WaitForResponse(CMD_HF_ISO14443B_COMMAND, &resp);
    // if (datalen > 0) {
    // PrintAndLogEx(NORMAL, "\n14443-3b tag found:");
@ -899,7 +899,7 @@ static int CmdHF14BDump(const char *Cmd) {
    SendCommandMIX(CMD_HF_ISO14443B_COMMAND,  ISO14B_CONNECT | ISO14B_SELECT_SR, 0, 0, NULL, 0);
    //select
-    if (WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
+    if (WaitForResponseTimeout(CMD_HF_ISO14443B_COMMAND, &resp, 2000)) {
        if (resp.oldarg[0]) {
            PrintAndLogEx(INFO, "failed to select %" PRId64 " | %" PRId64, resp.oldarg[0], resp.oldarg[1]);
            goto out;
@ -915,7 +915,7 @@ static int CmdHF14BDump(const char *Cmd) {
        clearCommandBuffer();
        SendCommandMIX(CMD_HF_ISO14443B_COMMAND,  ISO14B_APPEND_CRC | ISO14B_RAW, 2, 0, req, sizeof(req));
-        if (WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
+        if (WaitForResponseTimeout(CMD_HF_ISO14443B_COMMAND, &resp, 2000)) {
            uint8_t status = resp.oldarg[0] & 0xFF;
            if (status > 0) {
--- a/client/src/cmdhficlass.c
+++ b/client/src/cmdhficlass.c
@ -529,21 +529,19 @@ static int CmdHFiClassSim(const char *Cmd) {
    char cmdp = tolower(param_getchar(Cmd, 0));
    if (strlen(Cmd) < 1 || cmdp == 'h') return usage_hf_iclass_sim();
    uint8_t simType = 0;
    uint8_t CSN[8] = {0, 0, 0, 0, 0, 0, 0, 0};
    uint8_t sim_type = param_get8ex(Cmd, 0, 0, 10);
-    simType = param_get8ex(Cmd, 0, 0, 10);
+    if (sim_type == 0) {
    if (simType == 0) {
        if (param_gethex(Cmd, 1, CSN, 16)) {
            PrintAndLogEx(ERR, "A CSN should consist of 16 HEX symbols");
            return usage_hf_iclass_sim();
        }
-        PrintAndLogEx(INFO, " simtype: %02x CSN: %s", simType, sprint_hex(CSN, 8));
+        PrintAndLogEx(INFO, " simtype: %02x CSN: %s", sim_type, sprint_hex(CSN, 8));
    }
-    if (simType > 4) {
+    if (sim_type > 4) {
-        PrintAndLogEx(ERR, "Undefined simptype %d", simType);
+        PrintAndLogEx(ERR, "Undefined simtype %d", sim_type);
        return usage_hf_iclass_sim();
    }
@ -575,14 +573,14 @@ static int CmdHFiClassSim(const char *Cmd) {
     **/
    uint8_t tries = 0;
-    switch (simType) {
+    switch (sim_type) {
-        case 2: {
+        case ICLASS_SIM_MODE_READER_ATTACK: {
            PrintAndLogEx(INFO, "Starting iCLASS sim 2 attack (elite mode)");
-            PrintAndLogEx(INFO, "press Enter to cancel");
+            PrintAndLogEx(INFO, "press " _YELLOW_("`enter`") " to cancel");
            PacketResponseNG resp;
            clearCommandBuffer();
-            SendCommandMIX(CMD_HF_ICLASS_SIMULATE, simType, NUM_CSNS, 0, csns, 8 * NUM_CSNS);
+            SendCommandMIX(CMD_HF_ICLASS_SIMULATE, sim_type, NUM_CSNS, 0, csns, 8 * NUM_CSNS);
            while (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
                tries++;
@ -625,13 +623,13 @@ static int CmdHFiClassSim(const char *Cmd) {
            free(dump);
            break;
        }
-        case 4: {
+        case ICLASS_SIM_MODE_READER_ATTACK_KEYROLL: {
            // reader in key roll mode,  when it has two keys it alternates when trying to verify.
            PrintAndLogEx(INFO, "Starting iCLASS sim 4 attack (elite mode, reader in key roll mode)");
            PrintAndLogEx(INFO, "press Enter to cancel");
            PacketResponseNG resp;
            clearCommandBuffer();
-            SendCommandMIX(CMD_HF_ICLASS_SIMULATE, simType, NUM_CSNS, 0, csns, 8 * NUM_CSNS);
+            SendCommandMIX(CMD_HF_ICLASS_SIMULATE, sim_type, NUM_CSNS, 0, csns, 8 * NUM_CSNS);
            while (!WaitForResponseTimeout(CMD_ACK, &resp, 2000)) {
                tries++;
@ -689,12 +687,13 @@ static int CmdHFiClassSim(const char *Cmd) {
            free(dump);
            break;
        }
-        case 1:
+        case ICLASS_SIM_MODE_CSN:
-        case 3:
+        case ICLASS_SIM_MODE_CSN_DEFAULT:
        case ICLASS_SIM_MODE_FULL:
        default: {
            uint8_t numberOfCSNs = 0;
            clearCommandBuffer();
-            SendCommandMIX(CMD_HF_ICLASS_SIMULATE, simType, numberOfCSNs, 0, CSN, 8);
+            SendCommandMIX(CMD_HF_ICLASS_SIMULATE, sim_type, numberOfCSNs, 0, CSN, 8);
            break;
        }
    }
--- a/include/pm3_cmd.h
+++ b/include/pm3_cmd.h
@ -588,6 +588,18 @@ typedef struct {
 #define FLAG_ICLASS_READER_ONE_TRY     0x20
 #define FLAG_ICLASS_READER_CEDITKEY    0x40
 // iCLASS simulation modes
 #define ICLASS_SIM_MODE_CSN                   0
 #define ICLASS_SIM_MODE_CSN_DEFAULT           1
 #define ICLASS_SIM_MODE_READER_ATTACK         2
 #define ICLASS_SIM_MODE_FULL                  3
 #define ICLASS_SIM_MODE_READER_ATTACK_KEYROLL 4
 #define ICLASS_SIM_MODE_EXIT_AFTER_MAC        5  // note: device internal only
 #define MODE_SIM_CSN        0
 #define MODE_EXIT_AFTER_MAC 1
 #define MODE_FULLSIM        2
 // Dbprintf flags
 #define FLAG_RAWPRINT    0x00
 #define FLAG_LOG         0x01